Netgear support

Netgear support

 

Security Advisory for WPA-2 Vulnerabilities.
NETGEAR is aware of WPA-2 security vulnerabilities that affect NETGEAR products that connect to WiFi networks as clients. These vulnerabilities are potentially exploitable under the following conditions:

  • Your devices are only vulnerable if an attacker is in physical proximity to and within wireless range of your network.
  • Routers and gateways are only affected when in bridge mode (which is not enabled by default and not used by most customers). A WPA-2 handshake is initiated by a router in bridge mode only when connecting or reconnecting to a router.
  • Extenders, Arlo cameras, and satellites are affected during a WPA-2 handshake that is initiated only when connecting or reconnecting to a router.
  • Mobile hotspots are only affected while using WiFi data offloading, which is not enabled by default.

If these vulnerabilities are exploited, an attacker could potentially perform the following types of attacks, among others:

  • Eavesdrop on communication between the affected product and the router to which it connects.
  • Hijack unencrypted web sessions (sessions not using HTTPS). Encrypted traffic, such as banking website sessions and Arlo camera feeds, remains protected.

 

These WPA-2 vulnerabilities affect the following products:

Arlo Cameras:

  • ABC1000
  • VMC3040
  • VMC3040S

Orbi WiFi Systems:

  • RBS50 running firmware version 2.0.0.74 or earlier
  • RBS40 running firmware version 2.0.0.56 or earlier
  • RBW30 running firmware version 2.0.0.34 or earlier

Routers and Gateways (when used in bridge mode):

  • JR6150 running firmware version 1.0.1.10 or earlier
  • R6020 running firmware version 1.0.0.18 or earlier
  • R6050 running firmware version 1.0.1.10 or earlier
  • R6080 running firmware version 1.0.0.18 or earlier
  • R6100 running firmware version 1.0.1.16 or earlier
  • R6120 running firmware version 1.0.0.30 or earlier
  • R6220 running firmware version 1.1.0.50 or earlier
  • R6250 running firmware version 1.0.4.14 or earlier
  • R6700v2 running firmware version 1.1.0.42 or earlier
  • R6800 running firmware version 1.1.0.42 or earlier
  • R7000 running firmware version 1.0.9.12 or earlier
  • R7500 running firmware version 1.0.0.110 or earlier
  • R7500v2 running firmware version 1.0.3.16 or earlier
  • R7800 running firmware version 1.0.2.36 or earlier
  • R8300 running firmware version 1.0.2.106 or earlier
  • R8500 running firmware version 1.0.2.106 or earlier
  • R9000 running firmware version 1.0.2.40 or earlier

WiFi Range Extenders:

  • EX2700 running firmware version 1.0.1.20 or earlier
  • EX3700 running firmware version 1.0.0.62 or earlier
  • EX3800 running firmware version 1.0.0.62 or earlier
  • EX6000 running firmware version 1.0.0.20_1.0.11 or earlier
  • EX6100v1 running firmware version 1.0.2.16_1.1.130 or earlier
  • EX6100v2 running firmware version 1.0.1.50 or earlier
  • EX6120 running firmware version 1.0.0.30_1.0.20 or earlier
  • EX6130 running firmware version 1.0.0.16 or earlier
  • EX6150v1 running firmware version 1.0.0.32_1.0.68 or earlier
  • EX6150v2 running firmware version 1.0.1.50 or earlier
  • EX6200v1 running firmware version 1.0.3.76_1.1.111 or earlier
  • EX6200v2 running firmware version 1.0.1.50 or earlier
  • EX6400 running firmware version 1.0.1.60 or earlier
  • EX7000 running firmware version 1.0.0.50_1.0.101 or earlier
  • EX7300 running firmware version 1.0.1.60 or earlier
  • WN2000RPTv3 running firmware version 1.0.1.4 or earlier
  • WN3000RPv3 running firmware version 1.0.2.32 or earlier
  • WN3100RPv2 running firmware version 1.0.0.22 or earlier

WiFi Adapters:

  • A6100 running firmware version 1.0.0.32 or earlier
  • A6210 running firmware version 1.0.0.36 or earlier
  • A7000 running firmware version 1.0.0.11 or earlier
  • WNA3100M   running firmware version 1.2.0.7 or earlier
  • WNDA3100v3 running firmware version 1.0.0.10 or earlier

Mobile Hotspots:

  • AC810
  • AC815
  • MR1100

Wireless Access Points:

  • WAC104 running firmware versions prior to 1.0.4.9
  • WAC120 running firmware versions prior to 2.1.5
  • WAC505 running firmware versions prior to 1.5.3.7
  • WAC510 running firmware versions prior to 1.5.3.7
  • WAC720 running firmware versions prior to 3.7.12.0
  • WAC730 running firmware versions prior to 3.7.12.0
  • WN604 running firmware versions prior to 3.3.8
  • WNAP210v2 running firmware versions prior to 3.7.7.0
  • WNAP320 running firmware versions prior to 3.7.7.0
  • WND930 running firmware versions prior to 2.1.3
  • WNDAP350 running firmware versions prior to 3.7.7.0
  • WNDAP360 running firmware versions prior to 3.7.7.0
  • WNDAP620 running firmware versions prior to 2.1.4
  • WNDAP660 running firmware versions prior to 3.7.7.0

 

Firmware fixes are currently available for the following affected products:

  • WAC120
  • WAC505
  • WAC510
  • WAC720
  • WAC730
  • WN604
  • WNAP210v2
  • WNAP320
  • WND930
  • WNDAP350
  • WNDAP360
  • WNDAP620
  • WNDAP660

 

To download the latest firmware for your NETGEAR product:

  1. Visit NETGEAR Support.
  2. Start typing your model number in the search box, then select your model from the drop-down menu as soon as it appears.
    If you do not see a drop-down menu, make sure that you entered your model number correctly, or select a product category to browse for your product model.
  3. Click Downloads.
  4. Under Current Versions, select the download whose title begins with Firmware Version.
  5. Click Download.
  6. (Optional) To view the release notes for this firmware version, click Release Notes.
  7. Unzip the new firmware to an easy-to-find location, such as your desktop.
  8. Follow the firmware upgrade instructions in your product’s user manual, which is available on your product’s support page under User Guides and Documentation.

NETGEAR strongly recommends that you download the latest firmware as soon as possible.

For Arlo and Orbi products, firmware updates are sent to your devices automatically. You do not need to update your firmware manually.

Until a firmware fix is available for your product, NETGEAR recommends that you follow these workaround procedures:

Meer updates volgen zodra deze beschikbaar zijn.

Bron: Netgear support